Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Cannot start HTTPS services on OS X Lion Server (Kerio & Apple Server in Port conflict (computer says no :-) ))
  •  
BeeOnLion

Messages: 83
Karma: 3
Send a private message to this user
Hi All

We have moved over to 10.8.3 Server however Kerio needs the ports in order to run

http://kb.kerio.com/product/kerio-workspace/server-configura tion-kerio-workspace/cannot-start-http-services-on-os-x-lion -server-636.html

The only way to "resolve" this is to turn off MAC use of these ports which unfortunately this is not an option as they are needed to run other applications

I came across the recommendation of using two network cards as a work around

http://stackoverflow.com/questions/1694144/can-two-applicati ons-listen-to-the-same-port

& I was wondering if anyone had used this product from apple to convert a usb into a ethernet port & would it work at all?

http://store.apple.com/us_smb_78313/product/MC704ZM/A/apple- usb-ethernet-adaptor

Failing that would anyone have a work around other than switching off MAC's use of the ports?

Thanks a million

  •  
fishtech

Messages: 628
Karma: 14
Send a private message to this user
Hi,

I am still using Connect 7.4.3... this may be different if you are using v8.

In Connect > Configuration > Services > Secure HTTP... you can add or change the ports used by Connect for secure connections.

I assume the conflict is port 443. Change that to something else (or delete and just use 9900) and you should be fine.

To make thisngs easy for my users (so they don't have to remember to remember https:mail.mycompany.com:9900 as the webmail address) I use the following javascript in an index file at http://www.mycompany.com/webmail to redirect users to Kerio Connect port 9900.


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Untitled Document</title>
<!-- Begin ReDirect Command -->
<meta http-equiv="refresh" content="1;url=https://mail.mycompany.com:9900/webmail/login/">
<!-- End ReDirect Command -->
</head>

<body>
</body>
</html>





hth,

ft.

[Updated on: Wed, 17 April 2013 15:28]

  •  
BeeOnLion

Messages: 83
Karma: 3
Send a private message to this user
Hi fishtech

Thanks for the reply.
I was wondering have you run into any issue with mobile devices having issue connecting on this different port?
Speaking to Kerio earlier & they mentioned that there could be an issue with syncing as 443 is a industry standard for a lot of phones & we would need to recreate the accounts......

I presume that if I was to go into connect --> configuration --> Services --> Secure HTTP in Kerio admin & change this to port 9900 or something simular all i would need to do then is go to my firewall & set up a rule to forward traffic here to 9900

The user could then enter https://mail.domain.com & automatically be directed to webmail as long as I have a MX & A/AAAA records for this created?

Thanks again for your feedback its much appreciated
  •  
fishtech

Messages: 628
Karma: 14
Send a private message to this user
Quote:
there could be an issue with syncing as 443 is a industry standard for a lot of phones


Hmmm that may be a valid point. i was thinking in the context of webmail only.

I suggest you check the ports yours mobile devices already use.

I just checked mine on iOS and I have by default:

incoming mail... 993
outgoing mail... 465
calendars... 9900
contacts... not possible to view


Incidentally, I usually have port 443 open (I run on OSX client and have had no reason to deactivate it).

When I set up an iOS device I use the 'integration' setup from the webmail login page.

To test I just deactivated service on 443, and was still able to send receive email and sync calendars on my iPhone.

However, Contacts/Addresses breaks. I checked in OSX desktop. Contacts there uses 443. I changed 443 to 9900 and it works again on OSX desktop. It's does not appear possible to change in iOS after an integrated configuration.

So, I can't edit the port number for Contact directly on iOS but i assume if I re-run an integrated install port 9900 will be set for Contacts.

Bottom line (at least with my setup) is that I can turn off 443 and Mail Calendars will not be affected. Addresses/Contacts will require attention.

hth,

ft.

[Updated on: Wed, 17 April 2013 18:14]

  •  
j.a.duke

Messages: 356
Karma: 14
Send a private message to this user
BeeOnLion wrote on Wed, 17 April 2013 05:05
<snip>
I was wondering if anyone had used this product from apple to convert a usb into a ethernet port & would it work at all?

http://store.apple.com/us_smb_78313/product/MC704ZM/A/apple- usb-ethernet-adaptor

Failing that would anyone have a work around other than switching off MAC's use of the ports?

Thanks a million



You didn't tell us the hardware on which you are running Connect.

There may be other options which are more suitable that we could recommend if we had that detail.

Thanks.

Cheers,
Jon
  •  
BeeOnLion

Messages: 83
Karma: 3
Send a private message to this user
Hi all

Thanks again for all your feedback & support on this.

In relation to the server that we will be running Kerio on it is the MAC Mini

https://www.apple.com/ie/mac-mini/server/


  •  
j.a.duke

Messages: 356
Karma: 14
Send a private message to this user
BeeOnLion wrote on Thu, 18 April 2013 04:18
Hi all

Thanks again for all your feedback & support on this.

In relation to the server that we will be running Kerio on it is the MAC Mini



Can you be a wee bit more specific, please? Which model mini? Or at least what the More Info... section of About this Mac reports (mine reports "MacBook Pro 15-inch, Early 2011").

Thanks.

Cheers,
Jon
  •  
BeeOnLion

Messages: 83
Karma: 3
Send a private message to this user
Hi j.a.duke

MAC mini Server OS X 10.8.3
Processer: 2.3GHz Interl Core i7
Memory: 4GB 1600Mhz
1TB HD
Late 2012

Hope this helps for any work around....
  •  
j.a.duke

Messages: 356
Karma: 14
Send a private message to this user
BeeOnLion wrote on Thu, 18 April 2013 07:06
Hi j.a.duke

MAC mini Server OS X 10.8.3
Processer: 2.3GHz Interl Core i7
Memory: 4GB 1600Mhz
1TB HD
Late 2012

Hope this helps for any work around....


Thanks for posting this info.

I think you should look at this: Thunderbolt to Gigabit Ethernet Adaptor.

Even if you aren't running gig, the performance of the Thunderbolt adapter will be so much better than the USB adapter.

I have used this on a 2012 Air and the performance is as good as built-in ethernet.

And it will give you that second port/IP on which to run Connect.

Alternatively, and why I didn't think of this before, you can add a second IP address to the existing ethernet interface-just click the plus button at the bottom of the list in the Network preferences pane, select the interface, name it appropriately, the perform the network setup as normal for a static IP on your network. And this costs nothing to try. And you should be able to designate where Mountain Lion Server routes its traffic.

If the second IP on the existing ethernet doesn't work, then try the Thunderbolt adapter.

And, I'll put in a plug for the Pegasus arrays-the raw disk performance is phenomenal! Better than even several eSATA RAID 5 arrays that I've benchmarked. Also, I've got an Areca ARC-8050 that I'm currently setting up, certifying the disks (via SoftRAID), then qualifying the whole unit. Once I've got it setup I'll try to remember to post performance numbers.

And, please post what you finally end up working with-I'd, as well as others, like to know what worked for a particular solution.

Thanks.

Cheers,
Jon

[Updated on: Thu, 18 April 2013 15:26]

  •  
fishtech

Messages: 628
Karma: 14
Send a private message to this user
 And you should be able to designate where Mountain Lion Server routes its traffic.


Is this done in the Mountain Lion Server firewall settings?

Thanks

ft.
  •  
BeeOnLion

Messages: 83
Karma: 3
Send a private message to this user
Thanks for getting back with the suggestion of the Thunderbolt connection a much better option than the USB Smile

I presume that to add the second IP address to the existing ethernet interface I would just need to go to

Server --> Services --> DNS & hit the + here to add the additional ip?


I will definitely post back as soon as we figure the best option out
  •  
j.a.duke

Messages: 356
Karma: 14
Send a private message to this user
BeeOnLion wrote on Thu, 18 April 2013 10:47
Thanks for getting back with the suggestion of the Thunderbolt connection a much better option than the USB Smile

I presume that to add the second IP address to the existing ethernet interface I would just need to go to

Server --> Services --> DNS & hit the + here to add the additional ip?


I will definitely post back as soon as we figure the best option out


The way I'd go about it is to use System Preferences-Network and add it there. I don't think you need to do anything in the Server app.

From what I can find and test at the moment, it looks like the initial (default?) address will be used for the Mac OS X Server services, leaving the new static IP available for Connect.

Cheers,
Jon
  •  
fishtech

Messages: 628
Karma: 14
Send a private message to this user
it looks like the initial (default?) address will be used for the Mac OS X Server services, leaving the new static IP available for Connect



i don't think you can have Kerio Connect only on 1 IP address and not another.

i think all services will be presented on all addresses.

i think the OP will still have the same problem if he goes the route of a 2nd ethernet adapter. I use USB <> ethernet adapters on several of my servers (not Kerio Connect).

ft.
  •  
j.a.duke

Messages: 356
Karma: 14
Send a private message to this user
fishtech wrote on Thu, 18 April 2013 16:01
it looks like the initial (default?) address will be used for the Mac OS X Server services, leaving the new static IP available for Connect



i don't think you can have Kerio Connect only on 1 IP address and not another.

i think all services will be presented on all addresses.

i think the OP will still have the same problem if he goes the route of a 2nd ethernet adapter. I use USB <> ethernet adapters on several of my servers (not Kerio Connect).

ft.


In the Services "tab" you can define on which IP Connect "listens" for a given service.

Also, there is an option in the Advanced tab of the domain settings to bind to a specific IP. Please read this thread for details on how to set this up correctly.

Cheers,
Jon
fishtech

Messages: 628
Karma: 14
Send a private message to this user
In the Services "tab" you can define on which IP Connect "listens" for a given service. 



very good... i had never noticed that.

thanks,

ft.
Previous Topic: Filtering group messages
Next Topic: dynamic ip delivery direct
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 01:07:10 CET 2017

Total time taken to generate the page: 0.00525 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.